diff options
Diffstat (limited to 'api/authorization.go')
-rw-r--r-- | api/authorization.go | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/api/authorization.go b/api/authorization.go index fb04b069b..5badf244b 100644 --- a/api/authorization.go +++ b/api/authorization.go @@ -114,6 +114,42 @@ func HasPermissionToChannel(user *model.User, teamMember *model.TeamMember, chan return HasPermissionToTeam(user, teamMember, permission) } +func HasPermissionToChannelByPostContext(c *Context, postId string, permission *model.Permission) bool { + cmc := Srv.Store.Channel().GetMemberForPost(postId, c.Session.UserId) + + var channelRoles []string + if cmcresult := <-cmc; cmcresult.Err == nil { + channelMember := cmcresult.Data.(*model.ChannelMember) + channelRoles = channelMember.GetRoles() + + if CheckIfRolesGrantPermission(channelRoles, permission.Id) { + return true + } + } + + cc := Srv.Store.Channel().GetForPost(postId) + if ccresult := <-cc; ccresult.Err == nil { + channel := ccresult.Data.(*model.Channel) + + if teamMember := c.Session.GetTeamByTeamId(channel.TeamId); teamMember != nil { + roles := teamMember.GetRoles() + + if CheckIfRolesGrantPermission(roles, permission.Id) { + return true + } + } + + } + + if HasPermissionToContext(c, permission) { + return true + } + + c.Err = model.NewLocAppError("HasPermissionToChannelByPostContext", "api.context.permissions.app_error", nil, "userId="+c.Session.UserId+", "+"permission="+permission.Id+" channelRoles="+model.RoleIdsToString(channelRoles)) + c.Err.StatusCode = http.StatusForbidden + return false +} + func HasPermissionToUser(c *Context, userId string) bool { // You are the user (users autmaticly have permissions to themselves) if c.Session.UserId == userId { |